Reduce time spent on shared spreadsheets


How CyberGRX Works for Third Parties

Shared spreadsheets are eating up your valuable resources and providing limited value. CyberGRX assessments use a smart, skip level logic approach, so they automatically calibrate to your responses—removing any redundant or irrelevant questions. And, once your assessment is complete, you can use The CyberGRX Exchange to proactively share it with any upstream partner you choose. Complete one assessment, share with many.

  • Complete a Tier 1, 2 or 3 CyberGRX Assessment

    Step 1

  • Receive a detailed roadmap for improving your security

    Step 2

  • Follow CyberGRX's remediation strategies

    Step 3

  • Share with your upstream business partners

    Step 4

  • Never complete another spreadsheet again

    Step 5

Why you should break up with your current process

New regulations and increased scrutiny on third-party risk management


more companies' boards are involved in third-party risk

57% of companies don’t know if a third parties’ policy would prevent a data breach


Benefits for Third Parties

The CyberGRX Exchange and our risk assessments as-a-service help Enterprises and Third Parties cost-effectively identify, prioritize and mitigate risk.

Never complete another shared spreadsheet again
Identify and understand the remediation with the most yield
Share a single assessment with multiple upstream partners
Spend more time on proactive risk management
Drive business growth with proactive security engagement

CyberGRX is a force multiplier for our third-party cyber risk management program. In just the first year we will be able to assess 5x more vendors than we assessed last year and reallocate the resources saved to true risk management and mitigation efforts.

Adam Fletcher, CISO of Blackstone
See Blacktstone Case Study

Frequently Asked Questions

  • How much does this cost?

    For the ordering customers, there are two elements to the cost model: an annual platform access fee and a per-assessment fee that varies according to tier of service. Platform access fees are paid annually; funds put into your CyberGRX account to cover assessment fees are evergreen. Once an assessment is ordered and delivered, customers receive access to that assessment and updates for a 12-month period.

  • How long does it take to complete an assessment?

    Average timeframes to complete an assessment are as follows: ~40 days for Tier 1, ~10 days for Tier 2, and ~7 days for Tier 3. Our customer success team does an outstanding job helping third parties complete their assessments in a timely manner with training, support and coaching. That being said, average timeframes can vary depending on the unique situation.

  • If I post my assessment to the exchange, will anyone be able to see my data?

    No. You are in control of your data. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each case. If you never want to share your assessment, no one will see your assessment results. However, we do let exchange customers know of the presence of an assessment in the exchange for your organization. This facilitates the ordering process by letting them know that an assessment is available.

  • What if I’m not satisfied with my assessment after it is completed, do I have to share it?

    No, you don’t. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each customer. If you do not share an assessment that is ordered, however, you will most likely be required to fulfill the assessment obligation in some other way. Whereas, once you’ve completed a CyberGRX assessment, the CyberGRX platform allows you to continuously update your assessment and share with multiple customers, reducing time spent on filling in various assessment requests.

  • Can I provide additional materials with my assessment? SIG? SOC ll? Comments?

    Yes, we allow for comments on our assessments. As part of our evidence validation process we also consider and accept a review of other materials such as a SIG or SOC II assessment. However, we only collect metadata on those documents (Title, date published / updated, etc.) and do not maintain a copy of the documents in our Platform. Allowing for additional attachments is under consideration. You are also welcomed to share any certification documents out of band with your customer, but the platform does not currently facilitate this sharing.

Try the CyberGRX Exchange for free

Mitigate risk. Manage complexity. Reduce cost.

Request Free Trial